An Obvious Solution To NSA Overreach – Put People In Charge Of Their Own Data

Edward Snowden, who leaked information about far-reaching
US government surveillance programs to the
media, calls these programs the “architecture of oppression.”

He says it is the public, not the government, who should decide
their use.

At the very least, the secret and massive government surveillance
of phone records and Internet data disclosed by Mr. Snowden
should prompt a public debate on the balance between privacy and
the collection and use of personal data – and, we believe, a
change in who controls the use of that data.

One reason this debate must happen is that data gathering has
evolved to include “metadata.” This involves the sweeping
collection of call records, for instance, or email logs that
record the traffic between email accounts and phone numbers – but
not the content of what was talked about.

The multiple layers of the kinds of information that are gathered
today, and the many uses of that information, are far more
revealing than people generally realize. This argues for an
entirely new approach to managing information – one that’s
bottom up, instead of top down.

In recent years, however, the public has mostly yawned over the
need for a privacy-data discussion. The zeitgeist has evolved to
a point where most people know that their daily activities leave
countless digital traces. Data collection is like the rain, it
will be there, whether we like it or not. This seems especially
true when it comes to fighting terrorism.

According to a June 6-9 survey by the Pew Research Center and
The Washington Post, a majority of Americans
(56 percent) don’t object to the National Security Agency’s (NSA) broad
tracking of phone records to find terrorists, which was exposed
earlier this month.

The institutions in America that control information collection
also haven’t put the topic of change seriously on the table.
Businesses don’t want to give up their marketing advantage. The
NSA, which obtained secret court permission for its dragnet of
phone records and surveillance of foreigners using data from US
Internet companies, doesn’t want to give up its intelligence
advantage in fighting terrorism. And Congress seems overwhelmed
by the unwieldy nature of electronic communication today.

Many players in government characterize the NSA’s use of metadata
as more or less benign. The agency gathers the phone records,
detects worrisome patterns that might threaten America’s
security, and only then asks for a search warrant to dig into the
communications content of certain individuals.

But metadata is more powerful than most people realize. For
instance, something as simple as recording Facebook “likes” and website clicks can reveal a
person’s religious and political views, economic standing, sexual
preference, personality, mental health, ethnicity, use of
addictive substances, and more. The ability to characterize
groups by these traits might tempt some in the government to
cross the line from finding terrorists to targeting groups
because of their political leanings.

Because of the scale and connectedness of data collection and the
inability of today’s institutions to squarely face the privacy
issues involved, we strongly back a new approach to data privacy
that we’re working on here at MIT’s Media Lab. It puts
individuals in control of their personal data, allowing them to
determine who can possess their data, how it can be shared,
redistributed, and disposed of.

Each citizen would have a personal data store, like an
email inbox, that would let them see where data about them goes
and how it is being used. The NSA could still get a court order
allowing it to use a person’s metadata to track terrorists, but
at least an individual could see that something is happening –
rather like seeing a police cruiser patrolling the neighborhood.
The big difference from now is that individuals could see which
companies or government agencies were using data about them, and
control these groups’ access to that data.

Given the new data landscape, simply attempting to redraft
policies on how the government collects data will not achieve the
needed balance between the privacy and utility of data. A “new
deal on data” is needed that puts individuals in charge of their
own communication. That starts with a national debate.